[Swan] [IPsec] IKEv2 in iOS 9 and OS X El Capitan (fwd)

Paul Wouters paul at nohats.ca
Fri Jul 10 00:21:53 EEST 2015

I thought this might be of interest to people here,


---------- Forwarded message ----------
Date: Thu, 9 Jul 2015 17:09:51
From: Tommy Pauly <tpauly at apple.com>
Cc: Vividh Siddha <vsiddha at apple.com>, Christophe Allie <callie at apple.com>,
     Delziel Fernandes <delziel at apple.com>
To: IPsecME WG <ipsec at ietf.org>
Subject: [IPsec] IKEv2 in iOS 9 and OS X El Capitan


I wanted to give an update to the list about some recent improvements to IPSec support in Apple’s operating
systems. Apple has released the public betas for iOS 9 and OS X El Capitan today, available at beta.apple.com. 

As part of these releases, we have extended support for IKEv2, and have made IKEv2 the default VPN type. Here is
a brief summary of what has changed for these releases:

- IKEv2 is now manually configurable for both iOS and OS X, and is now the default VPN type when adding new VPN
configurations. We support manual configuration of EAP-MSCHAPv2, EAP-TLS, no-EAP certificate auth, and no-EAP
shared secret auth. We also support configuring IKEv2 using a configuration profile, which provides many more
options for different authentication types, crypto algorithms, and enabling/disabling features.
- We now enable MOBIKE (RFC 4555) by default
- We now support IKEv2 Message Fragmentation (RFC 7383)
- We now support server redirect (RFC 5685)
- We support suite-B crypto algorithms

I encourage anyone who is interested to download the betas and try out IKEv2! If you have feedback or questions,
please send them my way. I’ll also be attending the meeting in Prague.

Tommy Pauly
Core OS Networking, Apple
-------------- next part --------------
IPsec mailing list
IPsec at ietf.org

More information about the Swan mailing list